
Re: Firewalling with DHCP client



Stefan Srdic <linuxbox@telusplanet.net> writes:

> Bernd Harmsen wrote:
> 
> > [ From the book "linux firewalls"]
> > Every time the IP changes, pump rewrites the /etc/resolv.conf and can
> > call a script. Add a line like the following to your /etc/pump.conf
> >
> > script /etc/pump.skriptname
> >
> > There are three parameters transferred to the script:
> >
> > $1      Reason
> > $2      Interface
> > $3      New IP
> >
> > Hope that helps,
> > Bernd
> 
> Well, I tried that and it never worked. I tried to work around it by using a
> text filter in my script. It sorta looks like this:
> 
> #!/bin/sh
> # Set the path
> PATH="/sbin"
> # external network interface
> EXTIFACE="eth0"
> # External IP address
> IPADDR=" /sbin/pump --status | grep IP: | sed -e 's/.*IP: //' "
> 
> # Drop incoming datagrams spoofing our address
> iptables -A INPUT --source $IPADDR -i $EXTIFACE -j DROP
> 
> 
> When I test the filter in the prompt I always get my IP address in return.
> However, when I run it through the netfilter script I always end up with the
> same error:
> 
> iptables v1.2.2: Unknown arg `--status'
> Try `iptables -h' or 'iptables --help' for more information.
> 
> Why is it that NetFilter reads all of the information inside of the quotes and
> not the outcome of the operation inside of the quotes?

This is very basic shell behaviour. Replace the quotes with
backticks and it may work. 

Ciao
        Racke

-- 
Master of Swiss Web 2001: http://www.zweifel.ch/

For projects and other business stuff please refer to COBOLT NetServices
(URL: http://www.cobolt.net; Email: info@cobolt.net; Phone: 0041-1-3884400)
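
The quoting difference the reply points to, as an added example that is not part of the original thread: it contrasts the double-quoted assignment with command substitution and checks the result before building the rule. The `pump --status` output is a constructed stand-in, the helper names (`sample_status`, `extract_ip`, `is_ipv4`, `build_rule`) are hypothetical, and the rule is only printed, never loaded.

```shell
#!/bin/sh
# Added example, not from the thread. Helper names are hypothetical.
# Keep grep and sed reachable: on most systems they live outside /sbin.
PATH="/sbin:/usr/sbin:$PATH"

# Constructed stand-in for `/sbin/pump --status`; the real layout may differ.
sample_status() {
    printf '%s\n' 'Device eth0' '        IP: 192.0.2.17' '        Netmask: 255.255.255.0'
}

# The same grep/sed filter used in the thread.
extract_ip() {
    grep 'IP:' | sed -e 's/.*IP: //'
}

# Accept only a single dotted quad, so an empty or garbled lookup
# (no lease yet, changed output format) never reaches iptables.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;   # empty, or any char other than digit/dot
    esac
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Build the anti-spoofing rule as text (dry run; nothing is loaded).
build_rule() {
    ipaddr=$1 extiface=$2
    is_ipv4 "$ipaddr" || { echo "refusing: bad address '$ipaddr'" >&2; return 1; }
    echo "iptables -A INPUT --source $ipaddr -i $extiface -j DROP"
}

EXTIFACE="eth0"

# Double quotes: the variable holds the command text itself. Expanded
# unquoted on the iptables line, it splits into words, and iptables sees
# `--status` as one of its own arguments.
LITERAL=" /sbin/pump --status | grep IP: | sed -e 's/.*IP: //' "

# Command substitution: the variable holds the command's output.
# Backticks (`...`) do the same; $(...) nests more cleanly.
IPADDR=$(sample_status | extract_ip)

build_rule "$IPADDR" "$EXTIFACE"
build_rule "$LITERAL" "$EXTIFACE" || true   # rejected by the validity check
```
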


